CVE-2012-0738

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.8MEDIUM

EPSS

0.1%

top 65.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Policy Tester IBM Security Appscan

Timeline

PublishedDec 28

Latest updateMay 17

Description

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶NVDibm/rational_policy_tester8.5.0.2+14

▶NVDibm/security_appscan8.6.0.1+9

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-9c3c-25c4-7v5v: IBM Security AppScan Enterprise before 8↗2022-05-17

▶

CVEList

CVE-2012-0738: IBM Security AppScan Enterprise before 8↗2012-12-28

▶